Managing Auditing in Oracle® Solaris 11.4

Updated: February 2019
 
 

Using Oracle Audit Vault and Database Firewall for Storage and Analysis of Audit Records

Beginning with Oracle Audit Vault and Database Firewall release 12.1.0.0, audit records from an Oracle Solaris system can be plugged in to Oracle Audit Vault and Database Firewall. Oracle Audit Vault and Database Firewall automates the consolidation and monitoring of audit data from Oracle and non-Oracle databases. You can then use it to analyze and report on audited events from Oracle Solaris systems. For more information, see Oracle Audit Vault and Database Firewall (https://www.oracle.com/database/technologies/security/audit-vault-firewall.html).

The following figure shows how Oracle Audit Vault and Database Firewall collects Oracle Solaris audit records from designated secured targets. A secured target is any system that stores audit records or data.

Figure 2  Oracle Solaris and Audit Vault

image: Graphic shows how Oracle Solaris and Audit Vault work together to handle alerts and create reports according to audit policy.

A host system is designated to run the AV agent that communicates with Oracle Audit Vault and Database Firewall. The agent enables Oracle Audit Vault and Database Firewall to receive and process audit data from secured targets. The agent reads the audit records from a designated audit trail on the secured target. These audit records are encoded in the native binary format. The agent converts the data to a format parseable by Oracle Audit Vault and Database Firewall. Oracle Audit Vault and Database Firewall receives the data and generates reports for administrators and security managers as required.

The agent can be installed on a secured target instead of on a separate system. Multiple hosts with agents can also be configured to connect to the Audit Vault server. However, when registering secured targets, indicate a specific system with which the AV server communicates to obtain audit data.

To configure Oracle Audit Vault and Database Firewall to accept audit records from both Oracle Solaris secured targets and non-Oracle Solaris secured targets, ensure that the agent is installed and activated on the designated host system. For more information, find the documentation at the bottom of the Oracle Audit Vault and Database Firewall (https://www.oracle.com/database/technologies/security/audit-vault-firewall.html) web site.